On Wed, 29 Jul 2015 16:31, phill(_at_)hallambaker(_dot_)com said:
On Wed, Jul 29, 2015 at 4:37 AM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
OpenPGP does not specify a user interface but the wire format.
Obviously we use the most compact format there which is the plain binary
format. The questions are
That is how we used to work in the 1990s. Since then we have had to do
internationalization and such.
I can't see what internationalization has to do with the binary
representation of a fingerprint. As I said RFC-4880 is about the wire
format and not about user interfaces: It tells how to compute a
fingerprint and that it is the 16 octet MD5 hash or the 20 octet SHA-1
hash. Now that a fingerprint is printed like this
pub dsa2048/F2AD85AC1E42B367 2007-12-31 [expires: 2018-12-31]
Key fingerprint = 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367
is the choice of the concrete implementation. It is an interesting idea
to have a common way of representing fingerprints to the user or in an
URL but that is not in the scope of RFC-4800bis.
Yes, totally. I am suggesting we put code points in for the SHA-2-512
digest and the SHA-3-512 digest.
Until now we have bound the format of the fingerprint to the version of
the public key format. The fingerprint for OpenPGP is a well defined
and internally used property of OpenPGP. This avoids multiple
fingerprints as we see with X.509 which does not have a specification
for a fingerprint at all.
My preference is to just truncate and use the inferred length. That allows
By truncation I mean an arbitary truncation like what we do with keyids.
Those 64 keyids are for example used to locally lookup the secret keys
for decryption - there is no need to have security here because it is
just a convenience method (cf. wild card keyids)
This is the 'domain separation' issue that was mentioned in the meeting.
I believe that we have to be able to revise the algorithm used to revise
the fingerprint and the format of the data being formatted independently.
Again, OpenPGP does not specify how to format a fingerprint. That is
and should stay out of scope for _this_ RFC but may be an additional
item for the WG.
sufficient would be if a completely radical change to the format was being
considered such as moving all the structures to YANG, CBOR, JSON or JSON-B.
The OpenPGP format is the OpenPGP format and not BER, PER, XML, or JSON.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp